
Hijackthis Log: Malware Infection Still Hurting


17 replies to this topic

#1 brooklyn11218


Posted 15 December 2005 - 03:23 AM

Hi,

I am running Windows XP. I was infected with malware through my AOL service; they helped me remove it. Since its removal, though, my computer still shows signs of infection. It slows and freezes often, I get lots of pop-ups, and I cannot play audio or video without it freezing and jumping every 10 seconds. No matter what I do, I cannot remove ad/spyware from my PC. I have taken the following steps towards removing it:
  • shut off System Restore
  • scanned PC with McAfee anti-virus
  • scanned with SpySweeper
  • scanned with Spybot Search and Destroy
  • scanned with Ad-Aware
  • scanned with McAfee Stinger
  • repeated all scans in Safe Mode
My computer is still acting up, so I have decided to post a HijackThis log to your forum in the hopes that you can help. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 2:59:51 AM, on 12/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\devldr32.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\AOL\1134165765\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1134165765\ee\AOLServiceHost.exe
c:\program files\common files\aol\1134165765\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Common Files\AOL\1134165765\ee\AOLServiceHost.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Jose Rivera\Desktop\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p....0&plcid=0x0409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Class - {CC9908BF-DB26-5D28-B257-C15D770AF166} - blank (file missing)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - blank (file missing)
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134165765\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Add to &Teleport - C:\Program Files\Teleport Pro\teleport.htm
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094096504242
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129723176995
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://prints.picturecenter.kodak.com/acti...loadControl.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



#2 Guest_Cretemonster_*


Posted 16 December 2005 - 07:57 PM

Hi brooklyn11218 and Welcome to the Bleeping Computer!

I'm not seeing much in the HijackThis log.

Let's have a deeper look and see what's lurking around.


Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder -> Double-click WinPFind.exe and click "Start Scan"

It will scan the entire system, so please be patient

Once you see "Scan Complete" -> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Restart normally and please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with the results from the WinPFind Scan.


#3 brooklyn11218


Posted 17 December 2005 - 05:18 PM

Hi,

Thank you for helping me. I did as you asked, and the logs are copied and pasted below.

WinPFind:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\LPT$VPN.745
qoologic 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\LPT$VPN.745
SAHAgent 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\LPT$VPN.745
UPX! 10/15/2003 11:42:16 PM 150528 C:\WINDOWS\unSpySweeper.exe
PECompact2 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\VPTNFILE.745
qoologic 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\VPTNFILE.745
SAHAgent 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\VPTNFILE.745

Checking %System% folder...
aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/18/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 9/3/2004 1:03:48 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 9/3/2004 1:03:48 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PEC2 10/19/2000 6:53:02 PM 566857 C:\WINDOWS\SYSTEM32\glib-1.3.dll
PTech 8/3/2005 9:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 12/8/2005 7:20:26 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 12/8/2005 7:20:26 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/18/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/17/2005 1:45:56 PM S 2048 C:\WINDOWS\bootstat.dat
12/9/2005 4:54:34 PM H 24 C:\WINDOWS\puc2l
12/17/2005 9:48:02 AM H 54156 C:\WINDOWS\QTFont.qfn
10/20/2005 12:00:16 AM H 0 C:\WINDOWS\inf\oem49.inf
11/30/2005 11:17:10 PM S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 7:12:48 PM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
12/17/2005 1:45:46 PM H 8192 C:\WINDOWS\system32\config\default.LOG
12/17/2005 1:46:16 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
12/17/2005 1:46:00 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
12/17/2005 1:46:46 PM H 77824 C:\WINDOWS\system32\config\software.LOG
12/17/2005 1:46:06 PM H 1183744 C:\WINDOWS\system32\config\system.LOG
12/16/2005 8:22:22 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
11/20/2005 11:25:18 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\dd5aeab4-6a5d-4e0b-a673-c0cf09820bc8
11/20/2005 11:25:18 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
12/17/2005 1:44:54 PM H 6 C:\WINDOWS\Tasks\SA.DAT
10/29/2005 12:34:28 PM H 220 C:\WINDOWS\Temp\CS65FB5C52-CD61-44AF-B6E4-E2A3952DC0F9.tmp
10/29/2005 12:34:28 PM H 32 C:\WINDOWS\Temp\CS66E3D61E-4725-422F-BBD9-381E97E560C8.tmp
10/27/2005 7:08:46 AM H 10 C:\WINDOWS\Temp\CS67EE87AF-8160-41EE-8B51-83FC4104E340.tmp
10/29/2005 12:34:28 PM H 72289 C:\WINDOWS\Temp\CS67F2B073-16BF-48DD-956B-9D21C52A920E.tmp
10/24/2005 5:54:18 PM H 422 C:\WINDOWS\Temp\CS6825E345-2A47-406A-86C2-023D98953A11.tmp
10/23/2005 8:09:54 PM H 1125240 C:\WINDOWS\Temp\CS68722785-EAB9-4415-9BAE-32BEA2011F77.tmp
11/1/2005 9:37:42 PM H 0 C:\WINDOWS\Temp\CS6A4C9020-B823-48A3-9376-F1A1B1DF57B3.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CS6AAF0D89-C65F-4641-A174-E1F17BF5AD90.tmp
10/27/2005 7:08:46 AM H 10 C:\WINDOWS\Temp\CS6AD35007-CD69-4E6C-8039-3084C7E99A32.tmp
10/27/2005 7:08:46 AM H 10 C:\WINDOWS\Temp\CS6AE48436-43F3-4B3F-80EC-D52294A34944.tmp
10/26/2005 6:56:40 PM H 100 C:\WINDOWS\Temp\CS6B5CAC4B-D957-4DE3-A456-6C6B02D1A3F3.tmp
10/24/2005 5:54:18 PM H 120 C:\WINDOWS\Temp\CS6BA91FC7-37B3-4FDE-982C-A0762160FF1D.tmp
10/25/2005 8:56:50 AM H 72059 C:\WINDOWS\Temp\CS6BC0F5D5-F42E-4C2F-B5E5-7C4210D6AC86.tmp
10/27/2005 7:08:46 AM H 136 C:\WINDOWS\Temp\CS6D25DCA9-F9A7-4541-AB1D-0AFE526FBC54.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CS6F92D40A-209B-413D-88A9-33E824C92829.tmp
10/27/2005 7:08:46 AM H 102 C:\WINDOWS\Temp\CS705B06AC-295D-4052-9B55-19662A95628A.tmp
11/1/2005 9:37:42 PM H 0 C:\WINDOWS\Temp\CS708F2A85-AC44-4938-AB55-AD869F9F5079.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CS70C4437B-F72D-4AE9-8212-90A09FCA8795.tmp
11/1/2005 9:37:42 PM H 100 C:\WINDOWS\Temp\CS749817B3-D1BC-47A9-952B-60EFF72D475D.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CS74D15105-8356-4272-9926-2FA9E1B48D25.tmp
10/25/2005 8:56:50 AM H 450 C:\WINDOWS\Temp\CS74FDAEA8-4F98-456D-BAC1-C66E5A8259EF.tmp
10/27/2005 7:08:46 AM H 96 C:\WINDOWS\Temp\CS779D5AFE-3C04-46A3-8AEA-141A5F0BED24.tmp
10/27/2005 7:08:46 AM H 664 C:\WINDOWS\Temp\CS77EB5FCB-0D57-4F63-88FD-E9678AA858C6.tmp
10/26/2005 7:09:42 PM H 240 C:\WINDOWS\Temp\CS780742E5-F7CF-4B71-9BBF-30BF42B4D24E.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CS781224F7-52B1-4710-8C3E-38AF6439B5F2.tmp
10/23/2005 8:09:54 PM H 1348984 C:\WINDOWS\Temp\CS79B0659D-BEFD-4F2C-B020-14DB7AA3BA1E.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CS79C69BEB-6CE4-4F52-9396-E34DBFBB180F.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CS7B10E8A9-74E4-48D3-9337-E4662C43CC62.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CS7BB63872-3696-4D4F-857C-9E3A6902A53A.tmp
10/26/2005 6:56:40 PM H 446 C:\WINDOWS\Temp\CS7C350C28-63ED-4CB6-9F8E-F927CC0D0E2C.tmp
10/25/2005 8:56:50 AM H 943864 C:\WINDOWS\Temp\CS7C76DA65-DBC0-4F3A-ADE5-BB7D91E7FFD2.tmp
10/27/2005 7:08:46 AM H 608 C:\WINDOWS\Temp\CS7CBE3B97-FAB7-4888-9303-F3A6FD40AA89.tmp
10/23/2005 8:09:54 PM H 943864 C:\WINDOWS\Temp\CS7D03C4D4-4A2B-44AD-A273-3CE50C1805C6.tmp
10/25/2005 8:56:50 AM H 38496 C:\WINDOWS\Temp\CS7DA5FF6D-1A3C-43DB-9DDD-F9E74EF315FE.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CS7DB64052-C325-46A1-B9EE-F3B3030AB866.tmp
10/27/2005 7:08:46 AM H 10 C:\WINDOWS\Temp\CS7F8FADA4-30E4-4AF6-8A78-EF6B303D49AC.tmp
10/24/2005 5:54:18 PM H 48 C:\WINDOWS\Temp\CS7FF85178-6792-4328-A8E0-BB20A17415D3.tmp
10/25/2005 8:57:26 AM H 74934 C:\WINDOWS\Temp\CS80210C54-5303-4856-86E8-13E6FC056659.tmp
10/24/2005 5:54:18 PM H 0 C:\WINDOWS\Temp\CS808F1974-8F13-4085-B238-40F07B335F99.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CS8356AB77-C3E0-484D-A3BC-CF24C949DDB6.tmp
10/26/2005 7:09:42 PM H 30 C:\WINDOWS\Temp\CS8409BC7D-8D10-4F31-BD0F-0F4DFF361443.tmp
10/29/2005 12:34:28 PM H 1554826 C:\WINDOWS\Temp\CS858F4092-AC40-4641-A7F0-B230A2D38132.tmp
10/23/2005 8:09:54 PM H 30 C:\WINDOWS\Temp\CS85BC7095-ECEC-4BE0-AAAC-F306F435CEC8.tmp
10/26/2005 6:56:40 PM H 14 C:\WINDOWS\Temp\CS86564C21-F87B-4CB7-A616-B8778BEB28C1.tmp
10/26/2005 6:56:40 PM H 0 C:\WINDOWS\Temp\CS8720E701-17D5-4BDF-AAD0-EDA300737ABC.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CS874DB8C2-1925-46D6-978B-22A55AFC5AA7.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CS875B8131-CDAC-4427-8C69-2E21D7A88297.tmp
10/29/2005 12:34:28 PM H 0 C:\WINDOWS\Temp\CS884B5274-629A-4120-972F-059A32E6F2FE.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CS88FF79AE-C934-4109-A3BE-ABE120DD8DA3.tmp
10/26/2005 7:09:42 PM H 110600 C:\WINDOWS\Temp\CS890D6E41-74CD-434B-AA14-2C59661B2059.tmp
10/27/2005 7:08:46 AM H 10 C:\WINDOWS\Temp\CS896E12F6-3E6A-4FA9-B07E-C2A43C0041D5.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CS89F50E4D-1D10-4675-9C27-8214E73D4C34.tmp
10/27/2005 7:08:46 AM H 118 C:\WINDOWS\Temp\CS8B9131F8-4F78-4BAB-AD1C-3EB4E1EAEA9F.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CS8BFDE5B5-0D98-4A19-BA6E-4D7EBBD6C6A5.tmp
10/26/2005 7:09:42 PM H 2404080 C:\WINDOWS\Temp\CS8C83BA28-4068-43D2-8EDA-C62E48366068.tmp
10/27/2005 7:08:46 AM H 10 C:\WINDOWS\Temp\CS8CF15B5C-BBB9-4F9B-A36A-0491027964EB.tmp
11/1/2005 9:37:42 PM H 162 C:\WINDOWS\Temp\CS8D473B56-1A3B-496C-9D80-E10CBEE66A72.tmp
10/26/2005 7:09:38 PM H 0 C:\WINDOWS\Temp\CS8D59F3AE-7FAA-4AF4-8F5D-65E80194924D.tmp
10/26/2005 6:56:40 PM H 120 C:\WINDOWS\Temp\CS8E4C6A0A-8E43-488C-8B6C-6BEC4CB9940C.tmp
10/24/2005 5:54:18 PM H 118 C:\WINDOWS\Temp\CS8F1250EA-4DFC-48E0-8A1D-FCA4B7EFC673.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CS9010F21C-BA97-42D2-ACDC-9DC49673E3B7.tmp
10/27/2005 7:08:46 AM H 530 C:\WINDOWS\Temp\CS910CD156-DA4E-4625-A8C4-97FA7ABB4845.tmp
10/27/2005 7:08:46 AM H 10 C:\WINDOWS\Temp\CS9218945C-35EE-4A58-A5AC-7BCF61EE7031.tmp
10/26/2005 7:09:42 PM H 7908 C:\WINDOWS\Temp\CS928C3AF5-8260-49F7-9687-4FE4DD7572F1.tmp
10/24/2005 5:54:18 PM H 462 C:\WINDOWS\Temp\CS94187266-DADA-44BD-9BB5-F32B0BB7E55A.tmp
10/26/2005 6:56:40 PM H 102 C:\WINDOWS\Temp\CS9511D5E7-04CE-49E9-B5CD-9512E787734E.tmp
10/26/2005 6:56:40 PM H 100 C:\WINDOWS\Temp\CS95B2AF0F-9A83-493B-A4D7-8C7FDE09D9BE.tmp
10/29/2005 12:34:28 PM H 5472 C:\WINDOWS\Temp\CS963843CA-30BC-408A-A9D7-310AE25FB1B2.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CS96757DDB-13C0-48D2-A8A1-79A9A1E91775.tmp
11/1/2005 9:37:42 PM H 30 C:\WINDOWS\Temp\CS97BF7D25-709A-4327-8DB2-85BB2F47F0EF.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CS97ED6CEE-6FE4-4CAB-8735-818A998216D3.tmp
11/1/2005 9:37:42 PM H 530 C:\WINDOWS\Temp\CS982F5800-7E65-4DC3-B0D5-74BE4BED0A65.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CS9841B9DE-01AA-4A60-BDD6-D25FE0C78BEB.tmp
10/27/2005 7:08:46 AM H 10 C:\WINDOWS\Temp\CS9887825D-141C-4792-A564-4359FCE2AB06.tmp
10/23/2005 8:10:24 PM H 74934 C:\WINDOWS\Temp\CS99032EB6-33D3-4453-A138-F6A11E65449E.tmp
10/23/2005 8:09:54 PM H 450 C:\WINDOWS\Temp\CS9A128F4E-3D2F-4062-9F70-13BD69937F7C.tmp
10/23/2005 8:10:46 PM H 412944 C:\WINDOWS\Temp\CS9B485A48-C71E-4685-A72B-82B04DE0A1EB.tmp
10/27/2005 7:08:46 AM H 834 C:\WINDOWS\Temp\CS9B4D303B-9031-4704-B73C-E9E9EB6588AB.tmp
10/24/2005 5:54:18 PM H 48 C:\WINDOWS\Temp\CS9BBC148D-F7E5-4488-ACC7-28FF062F0837.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CS9BDFA355-6E84-45B4-AA95-A33A0461961D.tmp
10/27/2005 7:08:46 AM H 462 C:\WINDOWS\Temp\CS9DCEAA35-A5E2-46AF-B79D-BF5F3CD7290E.tmp
10/24/2005 5:54:18 PM H 162 C:\WINDOWS\Temp\CS9E849B47-E909-4993-AD2E-969BE7AF3253.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CS9FF658A2-22D8-4ED7-8A41-DAB2FB6F00F5.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CSA040901A-46AC-4D8C-BCBF-B4CB5A5CBC9A.tmp
10/23/2005 8:09:54 PM H 3429 C:\WINDOWS\Temp\CSA082ABCB-0E77-4C94-9621-EA49B0D311EB.tmp
10/23/2005 8:09:54 PM H 7908 C:\WINDOWS\Temp\CSA094CF28-9024-4EBD-BD71-081416D0E8A4.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CSA0C89FA0-35D8-4DF4-829E-2267B5420691.tmp
10/27/2005 7:08:46 AM H 582 C:\WINDOWS\Temp\CSA23457F7-7F69-4167-AF80-7BD55FE3A1D4.tmp
10/26/2005 6:56:40 PM H 136 C:\WINDOWS\Temp\CSA2C0D397-E440-4762-BB6C-584870600A12.tmp
10/29/2005 12:34:28 PM H 2422350 C:\WINDOWS\Temp\CSA42AD0BC-B7D9-40D7-B04F-1FB5FC8B0A84.tmp
10/27/2005 7:08:46 AM H 114 C:\WINDOWS\Temp\CSA46F7F81-3858-4A17-8AA9-4E570C8FDFC2.tmp
10/27/2005 7:08:46 AM H 100 C:\WINDOWS\Temp\CSA549535A-5798-425D-9648-86046FB84108.tmp
10/26/2005 6:56:40 PM H 162 C:\WINDOWS\Temp\CSA62069EA-0521-4740-8914-1E0481C09F60.tmp
10/27/2005 7:08:46 AM H 42 C:\WINDOWS\Temp\CSA7A1458A-75A9-4CE7-B40E-2AE3879D84CA.tmp
10/27/2005 7:08:46 AM H 48 C:\WINDOWS\Temp\CSAA7D7A31-AAAE-4A39-A82B-CDBC93FE8464.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CSABBC5F70-DC91-454E-AC9B-E191AC33EAA5.tmp
11/1/2005 9:37:42 PM H 462 C:\WINDOWS\Temp\CSACFB5626-3196-432F-BA7F-6E80EB47650A.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CSAE10A881-12A9-4923-9F4E-B80BE9479A22.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CSAE9CB871-4611-4C34-AE79-9483DA777D88.tmp
11/1/2005 9:37:42 PM H 422 C:\WINDOWS\Temp\CSAED54ABE-FDA9-4E98-BE9D-FF3F22386392.tmp
10/25/2005 8:56:50 AM H 110600 C:\WINDOWS\Temp\CSAEDBD0A4-5399-44A0-A448-14380EA42662.tmp
10/24/2005 5:54:18 PM H 96 C:\WINDOWS\Temp\CSAFF61634-3002-4529-BE01-A76F9176F56B.tmp
10/25/2005 8:56:46 AM H 0 C:\WINDOWS\Temp\CSB01A7F63-B470-4A02-8DF6-1A23609D62EE.tmp
10/24/2005 5:54:18 PM H 0 C:\WINDOWS\Temp\CSB034EB45-7C16-4B16-BCEF-CE1ACC4F8FB3.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CSB035D07C-0D3E-448B-B477-DB5F87E28B35.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CSB093808F-70FD-45CE-87D1-571F35DA09E4.tmp
10/25/2005 8:56:50 AM H 7908 C:\WINDOWS\Temp\CSB0AA8927-0BEC-4ABC-BD8B-B91BD72A1379.tmp
10/27/2005 7:08:46 AM H 120 C:\WINDOWS\Temp\CSB0F089C8-DA69-4137-86A6-C43452B5A919.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CSB1C97F5F-1495-42A6-AB5C-B1D9FBA09F28.tmp
10/26/2005 6:56:40 PM H 30 C:\WINDOWS\Temp\CSB21B199D-D6A8-4AF0-A0E4-D7F4B75467F2.tmp
10/23/2005 8:09:54 PM H 32 C:\WINDOWS\Temp\CSB35F47D7-087C-492F-B1EE-2B8D67CA19D0.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CSB378CB6E-4E63-44CE-9B2D-57482CA83A7D.tmp
10/23/2005 8:09:54 PM H 72059 C:\WINDOWS\Temp\CSB3A36043-2B3C-48FD-9D54-9DD8CB0C29E4.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CSB4AEB187-05E8-44CF-8722-64F476295BF8.tmp
10/29/2005 12:34:28 PM H 30 C:\WINDOWS\Temp\CSB5B407DF-E57C-4F49-8110-0FDFF3C60441.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CSB6EA1DA6-88B9-4E7C-9B00-8E76D5160CEA.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CSB7800A85-6A21-4974-A40F-0331B0999556.tmp
11/1/2005 9:37:42 PM H 0 C:\WINDOWS\Temp\CSB869B15E-8A54-442B-86EA-192B4C6EFBD7.tmp
10/29/2005 12:34:28 PM H 1355588 C:\WINDOWS\Temp\CSB891C906-C074-4769-8548-71EE09E7491D.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CSB8AFFB6E-4BF0-4BCC-A8BF-EDCD8C8C425D.tmp
10/24/2005 5:54:18 PM H 50 C:\WINDOWS\Temp\CSBAC9ED47-1C0D-42AB-9DA3-D69E3DF36825.tmp
11/1/2005 9:37:42 PM H 120 C:\WINDOWS\Temp\CSBB09DCEB-32D2-432B-8606-9EA7AA7EBB2E.tmp
10/27/2005 7:08:46 AM H 10 C:\WINDOWS\Temp\CSBB0B84E2-524D-416E-AB60-8559590D2ECC.tmp
10/23/2005 8:09:54 PM H 2016 C:\WINDOWS\Temp\CSBB394421-8DED-4970-8339-14CD513AB240.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CSBBAA254F-543C-47E9-B552-7AC73EFE0E98.tmp
10/26/2005 7:11:00 PM H 412944 C:\WINDOWS\Temp\CSBC86C9B6-59F6-48DC-90AD-9DFC6439A429.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CSBCC33ABE-2C36-486B-9C9E-5C9D8F187162.tmp
10/26/2005 6:56:40 PM H 438 C:\WINDOWS\Temp\CSBCC5328B-A190-4BA0-BAC7-C980240B2C68.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CSBCCAB863-7D51-4234-83A7-912353836163.tmp
10/25/2005 8:57:36 AM H 1519726 C:\WINDOWS\Temp\CSBD70B756-1E8E-42FD-8055-E6479DC2A62F.tmp
10/26/2005 6:56:40 PM H 422 C:\WINDOWS\Temp\CSBFF30879-7B2A-4826-8FB4-D349072B2ED1.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CSC00C7661-FA75-4552-9F20-126D90D63D6E.tmp
10/23/2005 8:10:44 PM H 1862368 C:\WINDOWS\Temp\CSC057E204-C160-4163-A7ED-79FE8139DFAF.tmp
10/26/2005 7:11:00 PM H 82104 C:\WINDOWS\Temp\CSC0C21ECA-3077-474B-A905-F7FD033BC259.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CSC0D6E442-01D6-4F89-9D27-B00DF5349105.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CSC2B36557-C538-4907-9BA6-A8B477052444.tmp
11/1/2005 9:37:42 PM H 446 C:\WINDOWS\Temp\CSC38FC26B-F89F-4B41-9955-6EED514077C6.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CSC396E2B8-F60C-4427-81BB-DED1DAC8DA41.tmp
10/24/2005 5:54:18 PM H 0 C:\WINDOWS\Temp\CSC3C11FD3-4115-469E-A940-AB1380A1DE7C.tmp
10/27/2005 7:08:46 AM H 514 C:\WINDOWS\Temp\CSC3CCBA73-D112-4209-943D-1AA78ECED436.tmp
10/27/2005 7:08:46 AM H 48 C:\WINDOWS\Temp\CSC3EE604C-7F48-48F9-A7E1-F869B8A9D3CC.tmp
10/24/2005 5:54:18 PM H 100 C:\WINDOWS\Temp\CSC4D16102-15B5-4C03-A3EE-6AF08BDD35AD.tmp
10/24/2005 5:54:18 PM H 42 C:\WINDOWS\Temp\CSC5B5AA22-53DA-41B5-99BC-BC7B100D7E1D.tmp
10/27/2005 7:08:46 AM H 68 C:\WINDOWS\Temp\CSC65C0020-39AC-43DA-A3C9-2D66409957CA.tmp
10/27/2005 7:08:46 AM H 10 C:\WINDOWS\Temp\CSC690F17A-0A99-4C65-A4F7-6E79CFC1B21C.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CSC8096575-4B4F-4917-A306-E3CA0BA3E160.tmp
10/26/2005 6:56:40 PM H 50 C:\WINDOWS\Temp\CSC8559C1C-0DEE-4C3D-8A8D-D2A8D27F5E8B.tmp
10/27/2005 7:08:46 AM H 124 C:\WINDOWS\Temp\CSC94182C6-78CA-43DC-A181-638BD504027C.tmp
10/27/2005 7:08:46 AM H 30 C:\WINDOWS\Temp\CSC9DC65A7-A103-493D-A8C4-BD2CB37418E8.tmp
10/26/2005 6:56:40 PM H 42 C:\WINDOWS\Temp\CSCA2A9959-6338-4DDF-9A46-45A718A77E2E.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CSCA32C64A-2527-45F2-A496-48DF01B97154.tmp
10/25/2005 8:56:50 AM H 1348984 C:\WINDOWS\Temp\CSCAF49069-179D-4449-AAFB-AB449DC1B4ED.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CSCBD4398F-B8B1-4801-9282-FDEF1AE2F320.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CSCC0B0201-1211-466B-9CC7-33429096F634.tmp
10/24/2005 5:54:18 PM H 0 C:\WINDOWS\Temp\CSCD03EA1F-0003-4104-8786-A9780A29EFE6.tmp
11/1/2005 9:37:42 PM H 96 C:\WINDOWS\Temp\CSCD9049E9-69FD-43E0-BD95-9B34B938B15E.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CSCDF719EF-DEDB-45C6-BD7F-58F8993300D1.tmp
10/25/2005 8:56:50 AM H 0 C:\WINDOWS\Temp\CSCF0C7F49-2CD4-427F-A237-27E1A91DF23A.tmp
10/25/2005 8:56:50 AM H 2124 C:\WINDOWS\Temp\CSCF6073B8-5D28-4116-BD9E-D1591AF73AD6.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CSCFDFB0C4-3B5E-4DFB-910A-CB910003F94F.tmp
10/26/2005 6:56:40 PM H 118 C:\WINDOWS\Temp\CSD07E4789-79BA-4B94-A911-F6372020C0B2.tmp
10/26/2005 6:56:40 PM H 68 C:\WINDOWS\Temp\CSD0A4DC1B-5C76-4757-9992-36F50932623A.tmp
10/23/2005 8:09:54 PM H 23988 C:\WINDOWS\Temp\CSD10A83B2-4271-45B3-9EAA-842363F19613.tmp
10/26/2005 7:09:42 PM H 72059 C:\WINDOWS\Temp\CSD116D8CB-7D30-47BC-9E74-1F955BBB581A.tmp
10/29/2005 12:34:30 PM H 582894 C:\WINDOWS\Temp\CSD1795B45-C327-4E11-97CC-A1014CEA6A43.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CSD1A6CB44-C264-499D-A864-5BD95D57A3E0.tmp
10/23/2005 8:10:40 PM H 1519726 C:\WINDOWS\Temp\CSD26FC93D-4FC8-467E-832E-40A3791C3945.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CSD289EAE8-DECE-408A-B2C9-4495219EE865.tmp
10/26/2005 7:11:00 PM H 1862368 C:\WINDOWS\Temp\CSD2AD56EC-BF5B-4F5A-97CE-0D599B8ED3CA.tmp
10/29/2005 12:34:28 PM H 2016 C:\WINDOWS\Temp\CSD44FBAE8-7DCD-4A48-AF58-4A8CE186F9F6.tmp
10/24/2005 5:54:18 PM H 30 C:\WINDOWS\Temp\CSD45882A5-4771-4CD6-9776-B4D875F5F7F7.tmp
10/26/2005 7:09:42 PM H 204 C:\WINDOWS\Temp\CSD4982882-DE78-4F1A-A5B9-3E4535736B3B.tmp
10/26/2005 6:56:40 PM H 48 C:\WINDOWS\Temp\CSD4D4F158-456B-440B-A3ED-918A13E4DC2B.tmp
10/23/2005 8:09:54 PM H 110600 C:\WINDOWS\Temp\CSD536FC80-2C56-4C23-9006-B1BAF123DF14.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CSD53E9692-2A25-4998-BEB0-85C90F1A9292.tmp
10/26/2005 7:09:42 PM H 160 C:\WINDOWS\Temp\CSD8625804-0EB0-41B2-AC9C-11FAA57A2BEC.tmp
10/24/2005 5:54:18 PM H 14 C:\WINDOWS\Temp\CSD87BBC12-210C-48C2-8A98-FCE190620D06.tmp
10/25/2005 8:56:50 AM H 3429 C:\WINDOWS\Temp\CSD9464CE9-4765-41E0-98BC-AA70BDBF4598.tmp
11/1/2005 9:37:42 PM H 30 C:\WINDOWS\Temp\CSD9B49E07-8D45-4495-BF72-2017F3C1BC28.tmp
10/27/2005 7:08:46 AM H 10 C:\WINDOWS\Temp\CSDA660D36-B0AC-468F-80A2-9A00DBC30E67.tmp
10/23/2005 8:09:54 PM H 2124 C:\WINDOWS\Temp\CSDB94EC97-853C-47A1-87CF-1416816814E3.tmp
10/26/2005 6:56:40 PM H 42 C:\WINDOWS\Temp\CSDD341B48-AA69-43D3-B896-83B9AE6548F5.tmp
10/25/2005 8:56:50 AM H 160 C:\WINDOWS\Temp\CSDE222E63-A372-40B1-B49F-C17CD3A176FD.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CSDE2E7C0B-2405-4835-9413-67F00DAA5D0B.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CSDF0CF8BA-0882-4560-8125-CC9EDF8E5089.tmp
10/29/2005 12:34:28 PM H 160 C:\WINDOWS\Temp\CSDF4C5E44-E8FC-4700-82A1-0E919C33BE1E.tmp
10/29/2005 12:36:40 PM H 82936 C:\WINDOWS\Temp\CSE066FEC4-9D10-47A6-87D1-ACB1153AED15.tmp
11/1/2005 9:37:42 PM H 102 C:\WINDOWS\Temp\CSE1509EE0-1E6C-4AC6-8667-9B0E12BC11F7.tmp
10/27/2005 7:08:46 AM H 422 C:\WINDOWS\Temp\CSE15D5371-14D5-435F-8EF2-E15277165B2A.tmp
10/25/2005 8:56:50 AM H 2404080 C:\WINDOWS\Temp\CSE1B7B4B1-82A3-4924-803B-BC471BE8BFE9.tmp
10/25/2005 8:57:38 AM H 1862368 C:\WINDOWS\Temp\CSE213DFA0-FDCE-49B0-8CEF-D2F246351DEF.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CSE48AA839-15A4-4EB0-B9D3-BFE65A246AA6.tmp
11/1/2005 9:37:42 PM H 14 C:\WINDOWS\Temp\CSE5391E1E-2353-4913-87DA-0DCD9746EF90.tmp
10/27/2005 7:08:46 AM H 752 C:\WINDOWS\Temp\CSE5623751-2B1E-4203-8DF7-F7F1C71A30DF.tmp
10/29/2005 12:34:28 PM H 23988 C:\WINDOWS\Temp\CSE5FB6B78-2F7D-49EA-A126-D7D2206E2FFD.tmp
11/1/2005 9:37:42 PM H 114 C:\WINDOWS\Temp\CSE6566917-4145-4BDB-A9EC-9F093AB19E43.tmp
10/26/2005 6:56:40 PM H 48 C:\WINDOWS\Temp\CSE7ED192B-6E4B-476D-9C5A-52BCE3986861.tmp
10/26/2005 6:56:40 PM H 30 C:\WINDOWS\Temp\CSE85DEC3E-AC88-4821-984E-19788158272A.tmp
10/29/2005 12:34:28 PM H 946432 C:\WINDOWS\Temp\CSEB1EA8DC-2471-49E1-8ECE-F08427861384.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CSEBB00738-EF1B-466D-BABC-3B592B48144D.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CSEC1DD4CA-EC28-467E-BC59-2B8FFBDB44E0.tmp
11/1/2005 9:37:42 PM H 68 C:\WINDOWS\Temp\CSEC53D29A-7159-4CAC-B334-112568E9BBB3.tmp
10/23/2005 8:09:54 PM H 814 C:\WINDOWS\Temp\CSEC68F18A-B0CF-443B-B7E8-8D5D6A89621D.tmp
10/27/2005 7:08:46 AM H 10 C:\WINDOWS\Temp\CSED1476A2-5FD4-43E7-BF14-9155F6146907.tmp
10/27/2005 8:37:40 AM H 0 C:\WINDOWS\Temp\CSED29171A-CE94-47F0-9801-B7C35108E5F2.tmp
10/26/2005 6:56:40 PM H 514 C:\WINDOWS\Temp\CSEE45A22D-1966-467E-B9F0-CC1C26A55CDC.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CSEE4E9160-E17C-4EBC-A6CB-A43E0926EB89.tmp
11/1/2005 9:37:42 PM H 100 C:\WINDOWS\Temp\CSEF4CF9CD-8D9B-4661-8565-FE1574BBC680.tmp
10/23/2005 8:09:54 PM H 580678 C:\WINDOWS\Temp\CSEF805FCE-E203-4A4E-9817-4093736855DF.tmp
10/29/2005 12:36:38 PM H 1530672 C:\WINDOWS\Temp\CSEFC769F6-CBD5-4A18-866B-0E1F8A6C4189.tmp
10/24/2005 5:54:18 PM H 0 C:\WINDOWS\Temp\CSF095BC74-B54E-4519-862F-7619345C676F.tmp
11/1/2005 9:37:42 PM H 124 C:\WINDOWS\Temp\CSF0C20B95-72D3-4FD3-9BB6-F6FD067B182D.tmp
11/1/2005 9:37:42 PM H 514 C:\WINDOWS\Temp\CSF1417E6C-6030-4D7E-821A-C2CE9D5592B3.tmp
10/24/2005 5:54:18 PM H 0 C:\WINDOWS\Temp\CSF1A9DD58-AA38-484E-820A-5C428DDCDE05.tmp
10/29/2005 12:34:28 PM H 3429 C:\WINDOWS\Temp\CSF38DF90C-6C74-49EE-A6F5-4C175947EBFD.tmp
10/25/2005 8:56:50 AM H 2016 C:\WINDOWS\Temp\CSF4EC1F07-54B4-4302-8747-CB3CA4B29352.tmp
11/1/2005 9:37:42 PM H 118 C:\WINDOWS\Temp\CSF54962F2-8C33-4E51-83F5-EB2900FF9BA0.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CSF561BD52-6F28-4794-AC25-E6463872992D.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CSF57B59A2-B2B5-4E9A-97D4-BE1A04D5B383.tmp
10/27/2005 7:08:46 AM H 10 C:\WINDOWS\Temp\CSF68FF40E-722D-4922-B582-3041E49EE767.tmp
10/26/2005 6:56:40 PM H 120 C:\WINDOWS\Temp\CSF6E1E222-1ADB-49DB-9041-B1EE361E0C0E.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CSF7C4BD17-32CC-4076-BE84-BF7B22789642.tmp
10/24/2005 5:54:18 PM H 120 C:\WINDOWS\Temp\CSF7FBE030-6CEA-4E0C-BAA8-1361313FC57F.tmp
10/27/2005 7:08:46 AM H 50 C:\WINDOWS\Temp\CSF8176514-C997-4990-BE24-504E171CF683.tmp
11/1/2005 9:37:42 PM H 10 C:\WINDOWS\Temp\CSF88D905B-FD52-406F-9BF3-A8B30685AF8A.tmp
10/26/2005 6:56:40 PM H 10 C:\WINDOWS\Temp\CSF9C3DD5C-AE68-4C17-B593-CB3B7B297526.tmp
10/27/2005 7:08:46 AM H 10 C:\WINDOWS\Temp\CSFA3AFEA9-3384-431A-B29D-81F520C6C933.tmp
11/1/2005 9:37:42 PM H 438 C:\WINDOWS\Temp\CSFA98F77A-02D7-42BA-AD15-F7789AA3D47B.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CSFBEB49D3-B59F-4F6C-AED0-7A3086F36888.tmp
10/24/2005 5:54:18 PM H 10 C:\WINDOWS\Temp\CSFD8689C4-D291-4A86-BD33-4C9A075AC12E.tmp
10/24/2005 5:54:18 PM H 100 C:\WINDOWS\Temp\CSFEC67B73-BAD1-44A8-A029-34C09B4ABA67.tmp
11/1/2005 9:37:42 PM H 518 C:\WINDOWS\Temp\CSFFD4D154-F12B-41ED-90CD-707F0F86BA5C.tmp

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 7/28/2003 2:19:00 PM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
IBM Corporation 2/12/1999 12:38:14 PM 498688 C:\WINDOWS\SYSTEM32\setnote.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
WildTangent, Inc. 2/28/2002 1:56:34 PM 45056 C:\WINDOWS\SYSTEM32\wtcpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/17/2004 10:34:08 AM HS 84 C:\Documents and Settings\Al

#4 Guest_Cretemonster_*

Posted 18 December 2005 - 06:05 AM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear.
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

#5 brooklyn11218

Posted 24 December 2005 - 10:57 PM

Hi,

Sorry for the late reply. I didn't realize you had responded. I did as you asked and here's the HijackThis log. Also, when I ran that program it said some kind of error.

Logfile of HijackThis v1.99.1
Scan saved at 10:54:38 PM, on 12/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\devldr32.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1134165765\ee\AOLHostManager.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\1134165765\ee\AOLServiceHost.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\common files\aol\1134165765\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Jose Rivera\My Documents\Programs\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p....0&plcid=0x0409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Class - {CC9908BF-DB26-5D28-B257-C15D770AF166} - blank (file missing)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - blank (file missing)
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134165765\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Add to &Teleport - C:\Program Files\Teleport Pro\teleport.htm
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094096504242
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129723176995
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://prints.picturecenter.kodak.com/acti...loadControl.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#6 Guest_Cretemonster_*

Posted 28 December 2005 - 12:33 PM

Sorry for the delay, been a bit under the weather.

If you will, go back into Safe Mode and scan the PC with WinPFind again. Once the scan is completed, try running the Apropos Fix once more and see if you can locate the error it returns.


Restart in Normal Mode and post the results of the WinPFind scan and any info on this run of the Apropos Fix.

#7 brooklyn11218

Posted 28 December 2005 - 05:06 PM

Hi,

I did as you asked. Every time I tried to run WinPFind it stopped responding, so I couldn't do that. The Apropos fix ran normally, then gave me the error. I was just about to copy it when the program continued until its finish. I posted the log below. The error was something like "error connecting to IP Address" or "IP director", something like that.

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\Jose Rivera\My Documents\Programs\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\CuTjEAB3eX29]
@="A8vDm2vGHHGHHIHjXWO_D5GHHGWJHqchXiqmH8E89y2NMHx7.By78HxDu_u248I8E8"
"Device"="\\\\.\\PDC4_xp"
"DriverName"="usbxSmb"
"HideUninstallerName"="C:\\Program Files\\Hp cetec\\gpkl_mtf.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\scppstui.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{701255DA-63DB-447A-BE27-63FF77F41EFC}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\ixsmlnka.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{Xf71f464-92b3-19a3-649b-c347a80c8213}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Hp cetec\\jgpbdest.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\ahurnr20.exe"
--
[HKEY_LOCAL_MACHINE\Software\CuTjEAB3eX29]
@="A8vDm2vGHHGHHIHjXWO_D5GHHGWJHqchXiqmH8E89y2NMHx7.By78HxDu_u248I8E8"
"Device"="\\\\.\\PDC4_xp"
"DriverName"="usbxSmb"
"HideUninstallerName"="C:\\Program Files\\Hp cetec\\gpkl_mtf.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\scppstui.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{701255DA-63DB-447A-BE27-63FF77F41EFC}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\ixsmlnka.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{Xf71f464-92b3-19a3-649b-c347a80c8213}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Hp cetec\\jgpbdest.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\ahurnr20.exe"

************

Removing hidden service:
Service usbxSmb removed.

Removing hidden folder:

Deleting files:

Deletion of file C:\WINDOWS\system32\ahurnr20.exe succeeded!
Deletion of file C:\WINDOWS\system32\ixsmlnka.dll succeeded!
Deletion of file C:\WINDOWS\system32\scppstui.exe succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\CuTjEAB3eX29]
[-HKEY_CURRENT_USER\Software\CuTjEAB3eX29]
[-HKEY_LOCAL_MACHINE\Software\CuTjEAB3eX29]
[-HKEY_LOCAL_MACHINE\Software\CuTjEAB3eX29]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{701255DA-63DB-447A-BE27-63FF77F41EFC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{701255DA-63DB-447A-BE27-63FF77F41EFC}]

Done!

Finished!

#8 Guest_Cretemonster_*

Posted 28 December 2005 - 07:37 PM

Good deal, hopefully that's the end of Apropos, and it may have been what's hindering WinPFind.

Download and install CleanUp!
NOTE: Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to log-off/reboot at the end, if it does please do so.


Restart back in Safe Mode and scan again with CleanUp! to be sure nothing survived; when prompted to log off, choose No.


Try once more to scan with WinPFind and let me know if it works.


Restart in Normal Mode and please do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#9 brooklyn11218

Posted 02 January 2006 - 04:13 PM

Hi,

I did everything and posted the logs for WinPFind and Kaspersky below. Also, my PC seems to be getting worse lately. It freezes up totally, causing me to reboot the computer by powering down instead of start/shutdown. My programs are taking forever to do anything and watching video/audio on it is impossible... it just keeps freezing and repeating the same thing over and over. Also, no matter how many times I scan with my anti spy/ad/virus programs I can't get rid of them. Just thought I would mention it. I sincerely appreciate your help.

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\LPT$VPN.745
qoologic 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\LPT$VPN.745
SAHAgent 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\LPT$VPN.745
UPX! 10/15/2003 11:42:16 PM 150528 C:\WINDOWS\unSpySweeper.exe
PECompact2 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\VPTNFILE.745
qoologic 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\VPTNFILE.745
SAHAgent 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\VPTNFILE.745

Checking %System% folder...
aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/18/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 9/3/2004 1:03:48 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 9/3/2004 1:03:48 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PEC2 10/19/2000 6:53:02 PM 566857 C:\WINDOWS\SYSTEM32\glib-1.3.dll
PTech 8/3/2005 9:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 12/8/2005 7:20:26 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 12/8/2005 7:20:26 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/18/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/2/2006 12:23:38 PM S 2048 C:\WINDOWS\bootstat.dat
12/9/2005 4:54:34 PM H 24 C:\WINDOWS\puc2l
1/1/2006 8:26:02 PM H 54156 C:\WINDOWS\QTFont.qfn
11/30/2005 11:17:10 PM S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 7:12:48 PM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
1/2/2006 12:23:28 PM H 8192 C:\WINDOWS\system32\config\default.LOG
1/2/2006 12:23:54 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
1/2/2006 12:23:40 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
1/2/2006 12:23:54 PM H 65536 C:\WINDOWS\system32\config\software.LOG
1/2/2006 12:24:56 PM H 1208320 C:\WINDOWS\system32\config\system.LOG
12/16/2005 8:22:22 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
11/20/2005 11:25:18 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\dd5aeab4-6a5d-4e0b-a673-c0cf09820bc8
11/20/2005 11:25:18 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
1/2/2006 12:22:30 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 7/28/2003 2:19:00 PM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
IBM Corporation 2/12/1999 12:38:14 PM 498688 C:\WINDOWS\SYSTEM32\setnote.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
WildTangent, Inc. 2/28/2002 1:56:34 PM 45056 C:\WINDOWS\SYSTEM32\wtcpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/17/2004 10:34:08 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
12/18/2005 5:36:14 PM 1656 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GoBack.lnk
10/5/2005 12:04:22 PM 682 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/17/2004 6:14:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
3/24/2005 11:26:32 PM 11 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
8/30/2004 3:23:52 PM 11 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
1/1/2006 8:31:42 PM 1362 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
8/17/2004 10:34:08 AM HS 84 C:\Documents and Settings\Jose Rivera\Start Menu\Programs\Startup\desktop.ini
12/22/2005 10:23:40 PM 877 C:\Documents and Settings\Jose Rivera\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk

Checking files in %USERPROFILE%\Application Data folder...
8/17/2004 6:14:46 AM HS 62 C:\Documents and Settings\Jose Rivera\Application Data\desktop.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpsi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpsi.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}
Verizon Broadband Toolbar = blank
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC9908BF-DB26-5D28-B257-C15D770AF166}
Class = blank

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{BA52B914-B692-46c4-B683-905236F6F655} = McAfee VirusScan : c:\progra~1\mcafee.com\vso\mcvsshl.dll
{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} = Verizon Broadband Toolbar : blank

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2FDEF853-0759-11D4-A92E-006097DBED37}
ButtonText = Encarta Encyclopedia :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5DA9DE80-097A-11D4-A92E-006097DBED37}
ButtonText = Define :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} = Verizon Broadband Toolbar : blank
{4982D40A-C53B-4615-B15B-B5B5E98D167C} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
VSOCheckTask "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
VirusScan Online "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
DellTouch C:\WINDOWS\DELLMMKB.EXE
HostManager C:\Program Files\Common Files\AOL\1134165765\ee\AOLHostManager.exe
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
RegistryMechanic
LexPPS.exe C:\WINDOWS\system32\lexpps.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PeerGuardian C:\Program Files\PeerGuardian2\pg2.exe
EPSON Stylus Photo R300 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
SpySweeper C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
AOLCC "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
PopUpStopperFreeEdition "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
AOL Fast Start "C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk
backup C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup
location Common Startup
item America Online 8.0 Tray Icon
backup C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup
location Common Startup
item America Online 8.0 Tray Icon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~4\Office\OSA9.EXE -b -l
item Microsoft Office
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~4\Office\OSA9.EXE -b -l
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk
backup C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe
item Microsoft Works Calendar Reminders
backup C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe
item Microsoft Works Calendar Reminders

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk
backup C:\WINDOWS\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\INFINI~1\eyeQ\ARLaunch.exe
item MiniEYE-MiniREAD Launch
backup C:\WINDOWS\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\INFINI~1\eyeQ\ARLaunch.exe
item MiniEYE-MiniREAD Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dell AIO Printer A960
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dlbfbmgr
hkey HKLM
command "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dlbfbmgr
hkey HKLM
command "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON Stylus Photo R300 Series
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item E_S4I2F1
hkey HKLM
command C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item E_S4I2F1
hkey HKLM
command C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Works Portfolio
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WksSb
hkey HKLM
command C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WksSb
hkey HKLM
command C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Works Update Detection
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WkDetect
hkey HKLM
command C:\Program Files\Microsoft Works\WkDetect.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WkDetect
hkey HKLM
command C:\Program Files\Microsoft Works\WkDetect.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Msn Messenger
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnmsgs
hkey HKLM
command msnmsgs.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnmsgs
hkey HKLM
command msnmsgs.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NVMCTRAY
hkey HKCU
command RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NVMCTRAY
hkey HKCU
command RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\REGSHAVE
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REGSHAVE
hkey HKLM
command C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REGSHAVE
hkey HKLM
command C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PDVDServ
hkey HKLM
command "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PDVDServ
hkey HKLM
command "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioAudioCentral
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RxMon
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RxMon
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioDragToDisc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DrgToDsc
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DrgToDsc
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioEngineUtility
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item EngUtil
hkey HKLM
command "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item EngUtil
hkey HKLM
command "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WorksFUD
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wkfud
hkey HKLM
command C:\Program Files\Microsoft Works\wkfud.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wkfud
hkey HKLM
command C:\Program Files\Microsoft Works\wkfud.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/2/2006 12:35:31 PM


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, January 02, 2006 15:50:39
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/01/2006
Kaspersky Anti-Virus database records: 168704
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 81789
Number of viruses found: 6
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 9516 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Jose Rivera\Local Settings\Application Data\Identities\{D4786ABC-CD38-4C19-946D-B08DE65EA257}\Microsoft\Outlook Express\Deleted Items.dbx/[From "PayPal security" <security@paypal.com>][Date Sat, 15 Oct 2005 20:13:58 +0700]/html Infected: Trojan-Spy.HTML.Paylap.cd
C:\Documents and Settings\Jose Rivera\Local Settings\Application Data\Identities\{D4786ABC-CD38-4C19-946D-B08DE65EA257}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Spy.HTML.Paylap.cd
C:\Documents and Settings\Jose Rivera\My Documents\Programs\aproposfix\backups\backups.zip/backups/ahurnr20.exe Infected: Trojan.Win32.Crypt.t
C:\Documents and Settings\Jose Rivera\My Documents\Programs\aproposfix\backups\backups.zip/backups/gpkl_mtf.exe Infected: Trojan.Win32.Crypt.t
C:\Documents and Settings\Jose Rivera\My Documents\Programs\aproposfix\backups\backups.zip/backups/ixsmlnka.dll Infected: Trojan.Win32.Crypt.t
C:\Documents and Settings\Jose Rivera\My Documents\Programs\aproposfix\backups\backups.zip/backups/jgpbdest.exe Infected: Trojan.Win32.Crypt.t
C:\Documents and Settings\Jose Rivera\My Documents\Programs\aproposfix\backups\backups.zip/backups/scppstui.exe Infected: Trojan.Win32.Crypt.t
C:\Documents and Settings\Jose Rivera\My Documents\Programs\aproposfix\backups\backups.zip Infected: Trojan.Win32.Crypt.t
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\WINDOWS\browserxtras\pn\remove.exe/data0002/data0003 Infected: Trojan-Downloader.Win32.Keenval.f
C:\WINDOWS\browserxtras\pn\remove.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval.f
C:\WINDOWS\browserxtras\pn\remove.exe Infected: Trojan-Downloader.Win32.Keenval.f
C:\WINDOWS\Downloaded Program Files\gsda.dll Infected: not-a-virus:Downloader.Win32.SpyGame
C:\WINDOWS\system32\drivers\etc\hosts.20050419-062224.backup Infected: Backdoor.Win32.MoSucker.l

Scan process completed.

#10 Guest_Cretemonster_*

  • Guests

Posted 03 January 2006 - 06:38 PM

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\glib-1.3.dll
    C:\WINDOWS\Downloaded Program Files\gsda.dll
    C:\WINDOWS\unSpySweeper.exe
    C:\WINDOWS\puc2l
    C:\Documents and Settings\Jose Rivera\Local Settings\Application Data\Identities\{D4786ABC-CD38-4C19-946D-B08DE65EA257}\Microsoft\Outlook Express\Deleted Items.dbx
    C:\WINDOWS\system32\drivers\etc\hosts.20050419-062224.backup
    C:\WINDOWS\browserxtras\pn\remove.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot and Unregister .dll before Deleting
  • then Click on the All Files button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


Restart in Safe Mode and Locate and Delete this folder

C:\WINDOWS\browserxtras


Still in Safe Mode, scan with WinPFind once more.


Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates

Post back with a fresh HijackThis log and the reports from WinPFind and Panda

#11 brooklyn11218

  • Topic Starter

  • Members
  • 13 posts
  • Location:Brooklyn, NY

Posted 05 January 2006 - 08:20 PM

Hi,

I did as you asked and posted the logs below. Everything went smoothly except Killbox; the option to unregister .dll was not available, but everything seemed to be deleted fine. Here are the logs:



Incident Status Location

Adware:adware/searchaid Not disinfected C:\WINDOWS\SYSTEM32\sdklr32.exe
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32m.sys
Adware:adware/cydoor Not disinfected C:\WINDOWS\cdmxtras
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\do8a7muz.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\do8a7muz.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\do8a7muz.default\cookies.txt[.ask.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\do8a7muz.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\do8a7muz.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\do8a7muz.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\do8a7muz.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\do8a7muz.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\do8a7muz.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\do8a7muz.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\do8a7muz.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\do8a7muz.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\do8a7muz.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\do8a7muz.default\cookies.txt[.com.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.bfast.com/]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.com.com/]
Spyware:Cookie/Netster Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[lb3.netster.com/]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.peel.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[stat.onestat.com/]
Potentially unwanted tool:Application/GameSpy Not disinfected C:\!KillBox\gsda.dll
Virus:Trj/Qhost.gen Disinfected C:\!KillBox\hosts.20050419-062224.backup
Adware:Adware/KeenValue Not disinfected C:\!KillBox\remove.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\do8a7muz.default\cookies.txt[]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt[]


Logfile of HijackThis v1.99.1
Scan saved at 7:48:44 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\1134165765\ee\AOLHostManager.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Common Files\AOL\1134165765\ee\AOLServiceHost.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\common files\aol\1134165765\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jose Rivera\My Documents\Programs\HijackThis1991.exe
C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p....0&plcid=0x0409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Class - {CC9908BF-DB26-5D28-B257-C15D770AF166} - blank (file missing)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - blank (file missing)
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134165765\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Add to &Teleport - C:\Program Files\Teleport Pro\teleport.htm
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094096504242
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129723176995
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://prints.picturecenter.kodak.com/acti...loadControl.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\LPT$VPN.745
qoologic 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\LPT$VPN.745
SAHAgent 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\LPT$VPN.745
PECompact2 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\VPTNFILE.745
qoologic 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\VPTNFILE.745
SAHAgent 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\VPTNFILE.745

Checking %System% folder...
aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/18/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 9/3/2004 1:03:48 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 9/3/2004 1:03:48 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PTech 8/3/2005 9:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 12/8/2005 7:20:26 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 12/8/2005 7:20:26 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/18/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/5/2006 1:31:48 PM S 2048 C:\WINDOWS\bootstat.dat
1/2/2006 8:30:44 PM H 54156 C:\WINDOWS\QTFont.qfn
11/30/2005 11:17:10 PM S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 7:12:48 PM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
1/5/2006 1:31:38 PM H 8192 C:\WINDOWS\system32\config\default.LOG
1/5/2006 1:32:06 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
1/5/2006 1:31:50 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
1/5/2006 1:32:06 PM H 65536 C:\WINDOWS\system32\config\software.LOG
1/5/2006 1:32:00 PM H 1155072 C:\WINDOWS\system32\config\system.LOG
12/16/2005 8:22:22 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
11/20/2005 11:25:18 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\dd5aeab4-6a5d-4e0b-a673-c0cf09820bc8
11/20/2005 11:25:18 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
1/5/2006 1:30:38 PM H 6 C:\WINDOWS\Tasks\SA.DAT
1/3/2006 8:54:56 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8FU9O056\desktop.ini
1/3/2006 8:54:56 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JU687VFJ\desktop.ini
1/3/2006 8:54:56 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OXYV4XIR\desktop.ini
1/3/2006 8:54:56 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\W3EV2905\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 7/28/2003 2:19:00 PM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
IBM Corporation 2/12/1999 12:38:14 PM 498688 C:\WINDOWS\SYSTEM32\setnote.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
WildTangent, Inc. 2/28/2002 1:56:34 PM 45056 C:\WINDOWS\SYSTEM32\wtcpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/17/2004 10:34:08 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
12/18/2005 5:36:14 PM 1656 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GoBack.lnk
10/5/2005 12:04:22 PM 682 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/17/2004 6:14:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
3/24/2005 11:26:32 PM 11 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
8/30/2004 3:23:52 PM 11 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
1/1/2006 8:31:42 PM 1362 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
8/17/2004 10:34:08 AM HS 84 C:\Documents and Settings\Jose Rivera\Start Menu\Programs\Startup\desktop.ini
12/22/2005 10:23:40 PM 877 C:\Documents and Settings\Jose Rivera\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk

Checking files in %USERPROFILE%\Application Data folder...
8/17/2004 6:14:46 AM HS 62 C:\Documents and Settings\Jose Rivera\Application Data\desktop.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpsi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpsi.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}
Verizon Broadband Toolbar = blank
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC9908BF-DB26-5D28-B257-C15D770AF166}
Class = blank

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{BA52B914-B692-46c4-B683-905236F6F655} = McAfee VirusScan : c:\progra~1\mcafee.com\vso\mcvsshl.dll
{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} = Verizon Broadband Toolbar : blank

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2FDEF853-0759-11D4-A92E-006097DBED37}
ButtonText = Encarta Encyclopedia :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5DA9DE80-097A-11D4-A92E-006097DBED37}
ButtonText = Define :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} = Verizon Broadband Toolbar : blank
{4982D40A-C53B-4615-B15B-B5B5E98D167C} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
VSOCheckTask "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
VirusScan Online "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
DellTouch C:\WINDOWS\DELLMMKB.EXE
HostManager C:\Program Files\Common Files\AOL\1134165765\ee\AOLHostManager.exe
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
RegistryMechanic

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PeerGuardian C:\Program Files\PeerGuardian2\pg2.exe
EPSON Stylus Photo R300 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
SpySweeper C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
AOLCC "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
PopUpStopperFreeEdition "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\A

#12 Guest_Cretemonster_*

Posted 06 January 2006 - 07:24 AM

All right, use Pocket Killbox again and delete these files

C:\WINDOWS\SYSTEM32\sdklr32.exe
C:\WINDOWS\smdat32m.sys
C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\do8a7muz.default\cookies.txt
C:\Documents and Settings\Jose Rivera\Application Data\Mozilla\Firefox\Profiles\dov9pytt.default\cookies.txt



Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p....0&plcid=0x0409

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O2 - BHO: Class - {CC9908BF-DB26-5D28-B257-C15D770AF166} - blank (file missing)

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


The WinPFind log got cut off, so please post the entire log in the next reply


Do one last Online Scan here
http://www.bitdefender.com/scan/licence.php

Post any results you get along with the WinPFind log.

#13 brooklyn11218

Posted 09 January 2006 - 03:02 AM

Hi,

Sorry about the WinPFind log getting cut. I posted it below along with the log from the online scan.

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\LPT$VPN.745
qoologic 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\LPT$VPN.745
SAHAgent 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\LPT$VPN.745
PECompact2 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\VPTNFILE.745
qoologic 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\VPTNFILE.745
SAHAgent 7/26/2005 8:44:00 AM 15442435 C:\WINDOWS\VPTNFILE.745

Checking %System% folder...
aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/18/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 9/3/2004 1:03:48 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 9/3/2004 1:03:48 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PTech 8/3/2005 9:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 12/8/2005 7:20:26 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 12/8/2005 7:20:26 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/18/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/9/2006 2:39:26 AM S 2048 C:\WINDOWS\bootstat.dat
1/8/2006 3:34:34 AM H 0 C:\WINDOWS\LastGood\INF\oem51.inf
1/8/2006 3:34:34 AM H 0 C:\WINDOWS\LastGood\INF\oem51.PNF
11/30/2005 11:17:10 PM S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 7:12:48 PM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
1/2/2006 6:09:36 PM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
1/9/2006 2:39:16 AM H 8192 C:\WINDOWS\system32\config\default.LOG
1/9/2006 2:39:44 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
1/9/2006 2:39:28 AM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
1/9/2006 2:39:42 AM H 69632 C:\WINDOWS\system32\config\software.LOG
1/9/2006 2:39:38 AM H 1159168 C:\WINDOWS\system32\config\system.LOG
12/16/2005 8:22:22 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
11/20/2005 11:25:18 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\dd5aeab4-6a5d-4e0b-a673-c0cf09820bc8
11/20/2005 11:25:18 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
1/9/2006 2:38:24 AM H 6 C:\WINDOWS\Tasks\SA.DAT
1/3/2006 8:54:56 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8FU9O056\desktop.ini
1/3/2006 8:54:56 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JU687VFJ\desktop.ini
1/3/2006 8:54:56 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OXYV4XIR\desktop.ini
1/3/2006 8:54:56 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\W3EV2905\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 7/28/2003 2:19:00 PM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
IBM Corporation 2/12/1999 12:38:14 PM 498688 C:\WINDOWS\SYSTEM32\setnote.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
WildTangent, Inc. 2/28/2002 1:56:34 PM 45056 C:\WINDOWS\SYSTEM32\wtcpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/17/2004 10:34:08 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
12/18/2005 5:36:14 PM 1656 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GoBack.lnk
10/5/2005 12:04:22 PM 682 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/17/2004 6:14:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
3/24/2005 11:26:32 PM 11 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
8/30/2004 3:23:52 PM 11 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
1/1/2006 8:31:42 PM 1362 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
8/17/2004 10:34:08 AM HS 84 C:\Documents and Settings\Jose Rivera\Start Menu\Programs\Startup\desktop.ini
12/22/2005 10:23:40 PM 877 C:\Documents and Settings\Jose Rivera\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk

Checking files in %USERPROFILE%\Application Data folder...
8/17/2004 6:14:46 AM HS 62 C:\Documents and Settings\Jose Rivera\Application Data\desktop.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpsi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpsi.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}
Verizon Broadband Toolbar = blank
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BA52B914-B692-46c4-B683-905236F6F655} = McAfee VirusScan : c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2FDEF853-0759-11D4-A92E-006097DBED37}
ButtonText = Encarta Encyclopedia :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5DA9DE80-097A-11D4-A92E-006097DBED37}
ButtonText = Define :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} = Verizon Broadband Toolbar : blank
{4982D40A-C53B-4615-B15B-B5B5E98D167C} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
VSOCheckTask "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
VirusScan Online "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
DellTouch C:\WINDOWS\DELLMMKB.EXE
HostManager C:\Program Files\Common Files\AOL\1134165765\ee\AOLHostManager.exe
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
RegistryMechanic

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PeerGuardian C:\Program Files\PeerGuardian2\pg2.exe
EPSON Stylus Photo R300 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
SpySweeper C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
AOLCC "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
PopUpStopperFreeEdition "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
AOL Fast Start "C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk
backup C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup
location Common Startup
item America Online 8.0 Tray Icon
backup C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup
location Common Startup
item America Online 8.0 Tray Icon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~4\Office\OSA9.EXE -b -l
item Microsoft Office
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~4\Office\OSA9.EXE -b -l
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk
backup C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe
item Microsoft Works Calendar Reminders
backup C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe
item Microsoft Works Calendar Reminders

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk
backup C:\WINDOWS\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\INFINI~1\eyeQ\ARLaunch.exe
item MiniEYE-MiniREAD Launch
backup C:\WINDOWS\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\INFINI~1\eyeQ\ARLaunch.exe
item MiniEYE-MiniREAD Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dell AIO Printer A960
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dlbfbmgr
hkey HKLM
command "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dlbfbmgr
hkey HKLM
command "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON Stylus Photo R300 Series
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item E_S4I2F1
hkey HKLM
command C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item E_S4I2F1
hkey HKLM
command C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Works Portfolio
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WksSb
hkey HKLM
command C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WksSb
hkey HKLM
command C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Works Update Detection
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WkDetect
hkey HKLM
command C:\Program Files\Microsoft Works\WkDetect.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WkDetect
hkey HKLM
command C:\Program Files\Microsoft Works\WkDetect.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Msn Messenger
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnmsgs
hkey HKLM
command msnmsgs.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnmsgs
hkey HKLM
command msnmsgs.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NVMCTRAY
hkey HKCU
command RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NVMCTRAY
hkey HKCU
command RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\REGSHAVE
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REGSHAVE
hkey HKLM
command C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REGSHAVE
hkey HKLM
command C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PDVDServ
hkey HKLM
command "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PDVDServ
hkey HKLM
command "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioAudioCentral
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RxMon
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RxMon
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioDragToDisc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DrgToDsc
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DrgToDsc
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioEngineUtility
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item EngUtil
hkey HKLM
command "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item EngUtil
hkey HKLM
command "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WorksFUD
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wkfud
hkey HKLM
command C:\Program Files\Microsoft Works\wkfud.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wkfud
hkey HKLM
command C:\Program Files\Microsoft Works\wkfud.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/9/2006 2:51:08 AM




BitDefender Online Scanner

Scan report generated at: Sun, Jan 08, 2006 - 12:41:48
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

Statistics
Time: 09:05:56
Files: 379769
Folders: 6374
Boot Sectors: 2
Archives: 6280
Packed Files: 21618

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 250648
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
C:\!KillBox\remove.exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>zlib_nsis0002
    Infected with: Trojan.Downloader.Keenval.F
C:\!KillBox\remove.exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>zlib_nsis0002
    Disinfection failed
C:\!KillBox\remove.exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>zlib_nsis0002
    Deleted
C:\!KillBox\remove.exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)
    Update failed

#14 Guest_Cretemonster_*

Posted 09 January 2006 - 06:57 PM

Now those are the kind of results I like to see! :thumbsup:

Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacoolsoftware.com/downloads.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup

Go ahead and remove any of the tools downloaded that are of no use anymore

Post back and let me know how things are?

#15 brooklyn11218

Posted 12 January 2006 - 01:48 AM

Hi,

Despite all the trouble you've gone through (which I appreciate deeply, by the way), my computer is exactly the same. All the spy/adware is still there, as are the slowing and all the other symptoms I have described before. Maybe I have a new undiscovered virus? Perhaps I should bring it to a shop for repair?

I really don't know what else to do... I have thought of wiping the HDD and starting fresh, but I don't want to lose any of my files...



